---

---

UNCLASSIFIED Appendices  Version 1.0g  UNCLASSIFIED 223   Section Topic Application to Switches 4.4 Routing protocols  This section is not generally applicable to switches. [Note: some Catalyst 5000 and higher series switches are equipped with a ‘Route Switch Module’.  This module is essentially a 4700-series IOS router attached to the switch.   It should be configured using Section 4 like any other router.] 4.5 Audit and Management Almost all of this section applies to IOS-based switches; some switch IOS versions do not support NTP, and must have their time set manually.  All switches support RMON and SMTP; they should be disabled if not in use, or access to them should be restricted.    4.6 Access control with AAA All of this section is applicable to IOS -based switches, if they support AAA (IOS 11.2 and later). Note that Cisco switch-resident routing hardware (e.g. Catalyst 5000 series Route Switch Modules) can and should be configured using the guidance in Section 4, after careful consideration of its role in the network security policy.   Most of the security testing guidance given in Section 6 also applies to LAN switches.